July 2nd, 2019

BitLocker PIN Setup

Some laptops that we had worked on several months ago came back to us for BitLocker re-encryption. These computers had originally been encrypted and locked with a USB Key, but the clients decided that they wanted a text PIN instead of a physical key.

To accommodate this, we encrypted the hard drive again so that we could set the PIN. Though we don’t have a specified file store to keep track of the encryption keys (long strings of characters that are basically your last ditch effort to get into your computer if you forget your PIN), we printed them and slipped the paper in each respective laptop.

One interesting thing about BitLocker PINs is that, by default, a startup PIN may contain digits only. To allow PINs with letters, punctuation, etc., you need to open gpedit.msc (from Windows + R) and manually enable the "Allow enhanced PINs for startup" policy before the PIN is set.
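The same change from an elevated PowerShell prompt, as an added example that is not part of the original post: it writes the registry values that gpedit.msc sets for the enhanced-PIN policy, then swaps the USB startup key for a TPM+PIN protector on the system drive. The drive letter `C:`, the escrow path `\\FILESERVER\bitlocker-escrow\LAPTOP-NAME.txt` and the assumption that the laptop is not under a domain policy that overrides these local values are all assumptions of the example.

```powershell
# Added example, not code from the original post. Run in an elevated PowerShell session.
# Assumptions: OS volume is C:, a TPM is present, no domain GPO overrides these local policy values.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
New-Item -Path $fve -Force | Out-Null

# Equivalent of gpedit.msc > Computer Configuration > Administrative Templates >
# Windows Components > BitLocker Drive Encryption > Operating System Drives >
# "Allow enhanced PINs for startup" = Enabled. Must be in place BEFORE the PIN protector is created.
Set-ItemProperty -Path $fve -Name 'UseEnhancedPin' -Value 1 -Type DWord

# If BitLocker refuses to create a PIN protector at all, "Require additional authentication at startup"
# also needs to be enabled with "Configure TPM startup PIN" set to Allow (value 2).
Set-ItemProperty -Path $fve -Name 'UseAdvancedStartup' -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name 'UseTPMPIN' -Value 2 -Type DWord

# Read the PIN interactively so it never lands in a script file or the shell history.
$pin = Read-Host -AsSecureString -Prompt 'New startup PIN (letters, digits and symbols allowed)'

# Add a TPM+PIN protector. No re-encryption is needed: protectors wrap the existing volume key.
Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin

# Drop the old USB startup-key protector (reported as type ExternalKey) now that TPM+PIN works.
$protectors = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector
$protectors | Where-Object KeyProtectorType -eq 'ExternalKey' | ForEach-Object {
    Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $_.KeyProtectorId
}

# Escrow the 48-digit recovery password somewhere other than the laptop itself (placeholder path).
$protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword' | ForEach-Object {
    "$env:COMPUTERNAME $($_.KeyProtectorId) $($_.RecoveryPassword)"
} | Out-File -FilePath '\\FILESERVER\bitlocker-escrow\LAPTOP-NAME.txt'

# Verify the final protector set: expect TpmPin and RecoveryPassword, and no ExternalKey.
(Get-BitLockerVolume -MountPoint 'C:').KeyProtector | Format-Table KeyProtectorType, KeyProtectorId
```

Two points worth checking before handing a laptop back: `Get-BitLockerVolume` should list a `TpmPin` protector and no `ExternalKey`, and the recovery password should be readable from the escrow location, not only from a sheet of paper stored with the device it unlocks.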

We also created a standard local user account on each computer (see guide) with temporary usernames and passwords.

We didn’t know a reliable way to communicate the username and password to the clients without putting it on some type of public forum, so we went old school and wrote the passwords on the encryption key papers.

A+ for security measures.

Interestingly enough, I discovered one laptop that was already configured with a text PIN and I could not get into the laptop for the life of me. It was not one of our default temp passwords, which means the user changed it themselves (which is like . . . how did you even . . . ?).

We ended up wiping the whole computer, so I guess that works too.
